Security at WorkWave
We stand behind our security practices, policies and infrastructure for our solutions and services, ensuring we are always the best partner we can be to our customers. Security is a key component in all our offerings and is reflected in our people, processes and products.
Our security and risk management processes prevent sensitive information from getting into the wrong hands. Further, they ensure all operations are running securely, protecting the confidentiality of our customers’ information.
WorkWave actively monitors our systems for external and internal threats at the application, server and network levels through a dedicated security operations team.
We maintain and execute security incident response procedures in response to a wide variety of threats and work closely with our engineering and external security teams to identify and remediate vulnerabilities.
WorkWave has established policies and procedures to handle and respond to any potential security incidents that can affect WorkWave infrastructure and services in direct or indirect fashion.
Incident response procedures are tested and updated on an annual basis or when a major infrastructure change occurs.
WorkWave performs security audits on our internal and external environments.
Audits are performed by our in-house security team and credentialled third-party security vendors. Audit results are reviewed by WorkWave’s security committee. Reported vulnerabilities are prioritized, tracked and resolved to eliminate the risk of known vulnerabilities.
Secure Development Lifecycle
WorkWave has introduced ‘Privacy By Design’ and ‘Secure-By-Design’ methodologies into our product development lifecycle.
User privacy and security are evaluated during each stage of the development process to ensure only necessary data is collected to perform an application’s task.
Technology Infrastructure Security
We take rigorous measures to secure the network of electronic systems and devices that are configured, operated and maintained by WorkWave to provide various internal and external functions and services.
All application endpoints employ network firewalls, web application firewalls, intrusion detection systems, DDOS mitigation, HTTPS TLS 1.2+ encryption and fully authenticated sessions to ensure the security of our applications.
Sensitive servers and systems are deployed to private networks, behind load balancers, network firewalls and proxy servers to reduce our security footprint.
Cloud and Network Security
We employ rigorous safeguards and security measures to provide a secure environment to you and your customers.
We employ a defense in depth strategy utilizing web application firewalls, multi-factor authentication, intrusion detection systems, audit and logging systems, restricted access controls and encrypted access tools.
Identity and Access Control
WorkWave has established strict rules and processes around user access provisioning to minimize the risk of data exposure. WorkWave follows principles of least-privilege and role-based permissions when provisioning access.
User access audits are performed by the WorkWave Security team on regular intervals. Employees are required to use strong passwords with multi-factor authentication and SSO.
Monitoring & Threat Detection
We employ advanced logging and monitoring of network, system, OS, application, database and cloud events. Logs are stored separately from production systems to ensure their integrity. We log more than a billion events each day to ensure the performance and security of our systems.
WorkWave controls access to its resources, including buildings, infrastructure and facilities. We provide employees, contractors, vendors and visitors with different access cards that only allow access strictly specific to the purpose of their entrance onto the premises.
WorkWave’s office building security monitors all entry and exit movements throughout our premises in all our business centers through CCTV cameras deployed according to local regulations.
Physical security of data centers are managed by data center and cloud providers including AWS, Google and others.
We protect your information against unauthorized access or use and operational failures that could result in exposure, deletion, or corruption of that data. Data security exercises ensure we practice caution while handling sensitive data that passes through our systems.
Availability & Disaster Recovery
All WorkWave systems are highly available, employing redundant systems and networking to ensure continuous service in the event of failures.
In the event of a recovery event, WorkWave has defined DR plans to ensure a coordinated and quick response.
Data Protection & Encryption
All databases are backed up and stored in 4 separate and encrypted physical locations to provide the highest resiliency against data corruption and ransomware threats.
Document storage is backed by Amazon’s S3 service to provide the highest levels of security, resiliency and availability.
Privacy and Compliance
Data privacy and compliance programs at WorkWave are focused on how personal information and data are collected, used, shared and processed, consistent with the expectations of the individual and applicable laws, regulations, professional practice requirements and contractual obligations.
WorkWave works with leading audit firms to certify our adherence to industry-standard compliance programs and regulations so you can have confidence that your company and customer data is secure and compliant.
Certifications: PCI DSS, SOC-1 Type 2, Soc-2 Type 2, Privacy Shield
Governance, Risk & Compliance
All production changes go through a rigorous and SOC-1 certified change management processes.
We frequently conduct vulnerability scans and penetration tests to improve the security of our cloud environments.
We follow ISO 27001, GDPR, CCPA, PCI DSS and SOC-1 guidelines for risk management, change management, data privacy and security.
WorkWave makes every effort to preserve the privacy of its users and customers.
Our detailed privacy statement can be found here:
Employee and Partner Security
WorkWave follows strict guidelines while onboarding new vendors, employees and contractors to ensure our customers are in safe hands. Further, we ensure our employees have the knowledge and skills to perform their roles effectively while protecting the security of our systems and your data. This helps WorkWave to prevent and mitigate user and partner risk.
Training & Certification
WorkWave has created a culture of security that covers all employees.
All employees are required to take security awareness training on a regular basis. Engineering and operations employees receive additional job/function-specific training and certification to be informed, adaptable and responsive to whatever risks may arise.
Each WorkWave employee undergoes a process of background verification. We hire reputable external agencies to perform this check on our behalf. We do this to verify criminal records, previous employment records if any, and educational background. Until this check is performed, the employee is not assigned tasks that may pose risks to customers.
WorkWave utilizes third-party technology vendors to provide additional functionalities and software integrations. We take appropriate steps to ensure our security requirements are maintained by vendors at all times.
WorkWave evaluates vendor security at least annually.
Report a Security Issue
WorkWave has a Responsible Disclosure Program to work with the community to identify security issues in our products. If you discover a vulnerability in our systems, products or network infrastructure, WorkWave appreciates your help in disclosing it to our company in a responsible manner by sending an email to: firstname.lastname@example.org
Read our whitepaper to learn more about security at WorkWave.